CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

● Live advisory feed

Security Advisory Fusion for CSIRTs, SOCs & Defenders

Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.

Advisories tracked
9,155
Known exploited
1,706
Sources online
24
Last sync
1H AGO
26 records · page 1 / 1

USN-8524-1: Python vulnerability

It was discovered that Python did not use sufficient entropy for Expat hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree modules. An attacker could use this to cause a denial of service via a crafted XML document.

unknownCVE-2026-7210ubuntu2026-07-09

USN-8523-1: libsoup vulnerabilities

Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-length resources. An attacker could possibly use this issue to trigger a buffer over-read, resulting in information disclosure or a denial of service. This issue only affected Ubuntu 18.04 LT

USN-8521-1: Libidn vulnerability

It was discovered that Libidn incorrectly handled certain internationalized domain name strings. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service.

unknownCVE-2026-57053ubuntu2026-07-09

USN-8520-1: Expat vulnerability

It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, leading to a denial of service.

unknownCVE-2026-41080ubuntu2026-07-09

USN-8518-1: mailcap vulnerability

Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of certain file types. An attacker could use this issue to escape a sandboxed application and execute arbitrary code on the host operating system.

unknownCVE-2026-10037ubuntu2026-07-08

USN-8515-1: Addressable vulnerability

It was discovered that Addressable incorrectly handled certain URI templates, generating regular expressions vulnerable to catastrophic backtracking. An attacker could use this issue to craft a URI that, when matched against a vulnerable template, causes excessive resource consum

unknownCVE-2026-35611ubuntu2026-07-07

USN-8514-1: OpenSSH vulnerability

It was discovered that OpenSSH incorrectly handled file permissions when downloading files as root using the legacy scp protocol without the preserve-mode option. An attacker could use this to install setuid or setgid files on a system, possibly leading to privilege escalation.

unknownCVE-2026-35385ubuntu2026-07-06

USN-8512-1: Gzip vulnerabilities

It was discovered that Gzip's gzexe utility handled temporary files in an insecure manner. When the mktemp utility was not available, gzexe constructed a temporary file path based on the process ID, which could be predicted. A local attacker could possibly use this issue to overw

USN-8511-1: socat vulnerabilities

It was discovered that socat incorrectly handled the SOCKS5 proxy server reply parser. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-56123) It was discovered that socat incorrectly handled a sample script. A local attacker could possibly use